remove default tt-policy since https://github.com/electron/electron/issues/27211 is fixed, https://github.com/electron/electron/issues/27211

2021-06-25 15:44:27 +02:00 · 2021-06-25 15:44:27 +02:00 · 6c3defb810
commit 6c3defb810
parent f9f0798c53
4 changed files with 2 additions and 36 deletions
--- a/src/vs/code/electron-browser/workbench/workbench.html
+++ b/src/vs/code/electron-browser/workbench/workbench.html
@ -4,7 +4,7 @@
 	<head>
 		<meta charset="utf-8" />
 		<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self' https: data: blob: vscode-remote-resource:; media-src 'none'; frame-src 'self' vscode-webview:; object-src 'self'; script-src 'self' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; connect-src 'self' https: ws:; font-src 'self' https: vscode-remote-resource:;">
-		<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'; trusted-types default TrustedFunctionWorkaround ExtensionScripts amdLoader cellRendererEditorText defaultWorkerFactory diffEditorWidget editorGhostText domLineBreaksComputer editorViewLayer diffReview extensionHostWorker insane notebookRenderer safeInnerHtml standaloneColorizer tokenizeToString webNestedWorkerExtensionHost webWorkerExtensionHost;">
+		<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'; trusted-types TrustedFunctionWorkaround ExtensionScripts amdLoader cellRendererEditorText defaultWorkerFactory diffEditorWidget editorGhostText domLineBreaksComputer editorViewLayer diffReview extensionHostWorker insane notebookRenderer safeInnerHtml standaloneColorizer tokenizeToString webNestedWorkerExtensionHost webWorkerExtensionHost;">
 	</head>
 	<body aria-label="">
 	</body>
--- a/src/vs/code/electron-browser/workbench/workbench.js
+++ b/src/vs/code/electron-browser/workbench/workbench.js
@ -68,23 +68,6 @@
 		}
 	);

-	// add default trustedTypes-policy for logging and to workaround
-	// lib/platform limitations
-	window.trustedTypes?.createPolicy('default', {
-		createHTML(value) {
-			// see https://github.com/electron/electron/issues/27211
-			// Electron webviews use a static innerHTML default value and
-			// that isn't trusted. We use a default policy to check for the
-			// exact value of that innerHTML-string and only allow that.
-			if (value === '<!DOCTYPE html><style type="text/css">:host { display: flex; }</style>') {
-				return value;
-			}
-			throw new Error('UNTRUSTED html usage, default trusted types policy should NEVER be reached');
-			// console.trace('UNTRUSTED html usage, default trusted types policy should NEVER be reached');
-			// return value;
-		}
-	});
-
 	//#region Helpers

 	/**
--- a/src/vs/code/electron-sandbox/workbench/workbench.html
+++ b/src/vs/code/electron-sandbox/workbench/workbench.html
@ -4,7 +4,7 @@
 	<head>
 		<meta charset="utf-8" />
 		<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self' https: data: blob: vscode-remote-resource:; media-src 'none'; frame-src 'self' vscode-webview:; object-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' https: ws:; font-src 'self' https: vscode-remote-resource:;">
-		<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'; trusted-types default TrustedFunctionWorkaround ExtensionScripts amdLoader cellRendererEditorText defaultWorkerFactory diffEditorWidget editorGhostText domLineBreaksComputer editorViewLayer diffReview extensionHostWorker insane notebookRenderer safeInnerHtml standaloneColorizer tokenizeToString webNestedWorkerExtensionHost webWorkerExtensionHost;">
+		<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'; trusted-types TrustedFunctionWorkaround ExtensionScripts amdLoader cellRendererEditorText defaultWorkerFactory diffEditorWidget editorGhostText domLineBreaksComputer editorViewLayer diffReview extensionHostWorker insane notebookRenderer safeInnerHtml standaloneColorizer tokenizeToString webNestedWorkerExtensionHost webWorkerExtensionHost;">
 	</head>
 	<body aria-label="">
 	</body>
--- a/src/vs/code/electron-sandbox/workbench/workbench.js
+++ b/src/vs/code/electron-sandbox/workbench/workbench.js
@ -68,23 +68,6 @@
 		}
 	);

-	// add default trustedTypes-policy for logging and to workaround
-	// lib/platform limitations
-	window.trustedTypes?.createPolicy('default', {
-		createHTML(value) {
-			// see https://github.com/electron/electron/issues/27211
-			// Electron webviews use a static innerHTML default value and
-			// that isn't trusted. We use a default policy to check for the
-			// exact value of that innerHTML-string and only allow that.
-			if (value === '<!DOCTYPE html><style type="text/css">:host { display: flex; }</style>') {
-				return value;
-			}
-			throw new Error('UNTRUSTED html usage, default trusted types policy should NEVER be reached');
-			// console.trace('UNTRUSTED html usage, default trusted types policy should NEVER be reached');
-			// return value;
-		}
-	});
-
 	//#region Helpers

 	/**